All of those can be got around. ANYONE who has the ability to create their own VIEW on a list will be able to get around what you have done. Anyone who can create a page and add a web part to it can get around what you do. Anyone who can use any form of API to connect to your list.... etc.

There is absolutely no secure way without either developing a full blown sharepoint application that you can load into your farm or go buy one that already exists.

1. Create views for the different user groups
2. Remove the rights to create public or personal views for the users involved
3. Ensure the list in question cannot be searched for - set this in List settings
4. Open SharePoint Designer. Go to the View Pages for the library, you'll see these as aspx pages
5. Wrap the List View control on the page in a Security Trimmed Control, based on a permission the restricted users don't have

When unauthorized users try to see the view with the extra column it's blank. When they search for values, nothing shows up as the list isn't crawled.

Only downside to this approach is that the two groups of users need distinct permissions.

"Only downside to this approach is that the two groups of users need distinct permissions"

ONLY?

You have just crippled SharePoint in effect and still not achieved what was asked. What about Datasheet view? ALL of the suggestions so far mean you have to completely disable datasheet view as none of them offer any protect in that mode.

What about all those ribbon buttons that allow a user to export data? Set up Alerts on lists?

What if another user, with permissions, creates a new public view?

They are ALL considerations and all are security holes if your data is sensitive. Without a third party solution that has been built specifically for this purpose, you have to "Play" at making it secure and it will cost you a lot more in the long run.

I am just trying to make sure that you are aware of what you can and cant do and just how much work would be involved in you trying to do this on your own in code.

I do this all the time. I set up SharePoint groups (usually at the site level) with the required permissions. In the JavaScript bond to the page, I write custom CSOM code that checks the user for membership to the groups. I then add the users to the groups and customize the group permissions appropriately. I find the groups work best, because you many times are trying to control access based on AD groups which can be bound to the SharePoint groups. This avoids a nightmare when trying to manage permissions with changes in the enterprise. AD becomes the single source of truth for authorization.

Use your IE debugger to identify the elements that need to be "hidden", and use a little jQuery to select the elements. (Don't forget the column headers). If necessary, wrap the dynamic elements in spans or divs on the page so that you can assign an ID that can be used for selection.

Once you have you DOM selection you can either use jQuery .hide() or .remove() depending on the sensitivity of the information.

There are a few other tricks I've learned along the way. One important one is to put the commonly used CSOM and REST functionality in the JavaScript for the master page and parameterize it so that it is available for all pages that use the master.

Hope this helps. For obvious reasons, I'm not going to post security based code on a public forum.

Looks like some customization is required for sure to control columns. One thing i'm allowed to do is to have the columns that I'm trying to hide can be visible but want to restrict edit or enter details in the new form for some users but allow some users to edit and enter them. WIll this be possible with OOTB or some other means?

The BoostSolutions PAID solution allows you to do everything you have mentioned and more, with a few clicks and no code. You can have as many Groups with as many different permissions on different columns AND Views as you like.

Now if your company does not value an investment of $899 (Assuming a single WFE Farm) and would rather you(?) spend days/weeks learning and tuning permissions that are by no means secure then the above mentioned methods are your only option.

If they want a robust, secure, supported, quick and simple way for you to work and improve productivity with SharePoint then Sometimes they have to put their hands in their pockets and realise that SharePoint is a development framework and that you really need all of the right tools to do the right jobs.

I work in a secure environment and to me when someone says I want to HIDE that information form a group of users it is understood that it should NOT leave the server. Your situation may be different in that having that data travelling around the network and onto client machines and THEN hidden is acceptable. But remember that if it arrives on the client machine it CAN be got at.

Kernel Data Recovery is a renowned Data Recovery solution provider which offers wide range of softwares for both enterprise and home users with its cost-effective solutions. Let's have a quick overview of the journey and data recovery tools range he…

If you are looking for an automated solution for backup single or multiple Office 365 user mailboxes to Outlook data file, then you can use Kernel Office 365 Backup & Restore tool. Go through the video to check out the steps to backup single or mult…